opensourcemirror
/
tinytinyrss
mirror of https://git.tt-rss.org/fox/tt-rss.git
1
0
Fork 0
Code Issues Releases Wiki Activity

experimental split of public calls into public.php (refs #389)

This commit is contained in:
Andrew Dolgov 2011-11-15 11:40:57 +04:00
parent 507426ef6e
commit e0d91d846d
8 changed files with 304 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
backend.php
View File

@ -59,10 +59,15 @@
authenticate_user($link, "admin", null);
}
if (!($_SESSION["uid"] && validate_session($link)) && $op != "globalUpdateFeeds" &&
$op != "rss" && $op != "getUnread" && $op != "getProfiles" && $op != "share" &&
$op != "fbexport" && $op != "logout" && $op != "pubsub") {
$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
"fbexport", "logout", "pubsub");
if (array_search($op, $public_calls) !== false) {
handle_public_request($link, $op);
return;
} else if (!($_SESSION["uid"] && validate_session($link))) {
if ($op == 'pref-feeds' && $_REQUEST['subop'] == 'add') {
header("Content-Type: text/html");
login_sequence($link);
@ -431,11 +436,6 @@
module_pref_pub_items($link);
break; // pref-pub-items
case "globalUpdateFeeds":
// Update all feeds needing a update.
update_daemon_common($link, 0, true, true);
break; // globalUpdateFeeds
case "pref-feed-browser":
module_pref_feed_browser($link);
break; // pref-feed-browser
@ -444,63 +444,6 @@
module_pref_instances($link);
break; // pref-instances
case "rss":
$feed = db_escape_string($_REQUEST["id"]);
$key = db_escape_string($_REQUEST["key"]);
$is_cat = $_REQUEST["is_cat"] != false;
$limit = (int)db_escape_string($_REQUEST["limit"]);
$search = db_escape_string($_REQUEST["q"]);
$match_on = db_escape_string($_REQUEST["m"]);
$search_mode = db_escape_string($_REQUEST["smode"]);
$view_mode = db_escape_string($_REQUEST["view-mode"]);
if (SINGLE_USER_MODE) {
authenticate_user($link, "admin", null);
}
$owner_id = false;
if ($key) {
$result = db_query($link, "SELECT owner_uid FROM
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
if (db_num_rows($result) == 1)
$owner_id = db_fetch_result($result, 0, "owner_uid");
}
if ($owner_id) {
$_SESSION['uid'] = $owner_id;
generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
$search, $search_mode, $match_on, $view_mode);
} else {
header('HTTP/1.1 403 Forbidden');
}
break; // rss
case "getUnread":
$login = db_escape_string($_REQUEST["login"]);
$fresh = $_REQUEST["fresh"] == "1";
$result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
if (db_num_rows($result) == 1) {
$uid = db_fetch_result($result, 0, "id");
print getGlobalUnread($link, $uid);
if ($fresh) {
print ";";
print getFeedArticles($link, -3, false, true, $uid);
}
} else {
print "-1;User not found";
}
break; // getUnread
case "digestTest":
print_r(prepare_headlines_digest($link, $_SESSION["uid"]));
break; // digestTest
@ -515,149 +458,6 @@
"<img src='images/indicator_tiny.gif'>";
break; // loading
case "getProfiles":
$login = db_escape_string($_REQUEST["login"]);
$password = db_escape_string($_REQUEST["password"]);
if (authenticate_user($link, $login, $password)) {
$result = db_query($link, "SELECT * FROM ttrss_settings_profiles
WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
print "<select style='width: 100%' name='profile'>";
print "<option value='0'>" . __("Default profile") . "</option>";
while ($line = db_fetch_assoc($result)) {
$id = $line["id"];
$title = $line["title"];
print "<option value='$id'>$title</option>";
}
print "</select>";
$_SESSION = array();
}
break; // getprofiles
case "pubsub":
$mode = db_escape_string($_REQUEST['hub_mode']);
$feed_id = (int) db_escape_string($_REQUEST['id']);
$feed_url = db_escape_string($_REQUEST['hub_topic']);
if (!PUBSUBHUBBUB_ENABLED) {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
return;
}
// TODO: implement hub_verifytoken checking
$result = db_query($link, "SELECT feed_url FROM ttrss_feeds
WHERE id = '$feed_id'");
if (db_num_rows($result) != 0) {
$check_feed_url = db_fetch_result($result, 0, "feed_url");
if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
if ($mode == "subscribe") {
db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
WHERE id = '$feed_id'");
print $_REQUEST['hub_challenge'];
return;
} else if ($mode == "unsubscribe") {
db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
WHERE id = '$feed_id'");
print $_REQUEST['hub_challenge'];
return;
} else if (!$mode) {
// Received update ping, schedule feed update.
//update_rss_feed($link, $feed_id, true, true);
db_query($link, "UPDATE ttrss_feeds SET
last_update_started = '1970-01-01',
last_updated = '1970-01-01' WHERE id = '$feed_id' AND
owner_uid = ".$_SESSION["uid"]);
}
} else {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
}
} else {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
}
break; // pubsub
case "logout":
logout_user();
header("Location: tt-rss.php");
break; // logout
case "fbexport":
$access_key = db_escape_string($_POST["key"]);
// TODO: rate limit checking using last_connected
$result = db_query($link, "SELECT id FROM ttrss_linked_instances
WHERE access_key = '$access_key'");
if (db_num_rows($result) == 1) {
$instance_id = db_fetch_result($result, 0, "id");
$result = db_query($link, "SELECT feed_url, site_url, title, subscribers
FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
$feeds = array();
while ($line = db_fetch_assoc($result)) {
array_push($feeds, $line);
}
db_query($link, "UPDATE ttrss_linked_instances SET
last_status_in = 1 WHERE id = '$instance_id'");
print json_encode(array("feeds" => $feeds));
} else {
print json_encode(array("error" => array("code" => 6)));
}
break; // fbexport
case "share":
$uuid = db_escape_string($_REQUEST["key"]);
$result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
uuid = '$uuid'");
if (db_num_rows($result) != 0) {
header("Content-Type: text/html");
$id = db_fetch_result($result, 0, "ref_id");
$owner_uid = db_fetch_result($result, 0, "owner_uid");
$_SESSION["uid"] = $owner_uid;
$article = format_article($link, $id, false, true);
$_SESSION["uid"] = "";
print_r($article['content']);
} else {
print "Article not found.";
}
break;
default:
header("Content-Type: text/plain");
print json_encode(array("error" => array("code" => 7)));

2
debian/tt-rss-mysql.cron.d vendored
View File

@ -1,4 +1,4 @@
# /etc/cron.d/tt-rss-mysql: crontab fragment for tt-rss-mysql
# This update feeds for tiny tiny RSS every 20min
12,42 * * * * www-data /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/backend.php?op=globalUpdateFeeds&daemon=1
12,42 * * * * www-data /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/public.php?op=globalUpdateFeeds&daemon=1

2
debian/tt-rss-pgsql.cron.d vendored
View File

@ -1,4 +1,4 @@
# /etc/cron.d/tt-rss-pgsql: crontab fragment for tt-rss-pgsql
# This update feeds for tiny tiny RSS every 20min
12,42 * * * * www-data /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/backend.php?op=globalUpdateFeeds&daemon=1
12,42 * * * * www-data /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/public.php?op=globalUpdateFeeds&daemon=1

235
functions.php
View File

@ -840,7 +840,7 @@
!ini_get("open_basedir")) {
$callback_url = get_self_url_prefix() .
"/backend.php?op=pubsub&id=$feed";
"/public.php?op=pubsub&id=$feed";
$s = new Subscriber($feed_hub_url, $callback_url);
@ -1284,7 +1284,7 @@
if (PUBSUBHUBBUB_HUB && $published == 'true') {
$rss_link = get_self_url_prefix() .
"/backend.php?op=rss&id=-2&key=" .
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key($link, -2, false, $owner_uid);
$p = new Publisher(PUBSUBHUBBUB_HUB);
@ -3830,7 +3830,7 @@
$last_error = $qfh_ret[3];
$feed_self_url = get_self_url_prefix() .
"/backend.php?op=rss&id=-2&key=" .
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key($link, -2, false);
if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
@ -4239,7 +4239,7 @@
if (PUBSUBHUBBUB_HUB) {
$rss_link = get_self_url_prefix() .
"/backend.php?op=rss&id=-2&key=" .
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key($link, -2, false);
$p = new Publisher(PUBSUBHUBBUB_HUB);
@ -4378,7 +4378,7 @@
}
$rss_link = htmlspecialchars(get_self_url_prefix() .
"/backend.php?op=rss&id=$feed_id$cat_q$search_q");
"/public.php?op=rss&id=$feed_id$cat_q$search_q");
$reply .= "<option value=\"0\" disabled=\"1\">".__('Feed:')."</option>";
@ -7544,11 +7544,17 @@
_debug("Updating: " . $line['access_url'] . " ($id)");
$fetch_url = $line['access_url'] . '/backend.php?op=fbexport';
$fetch_url = $line['access_url'] . '/public.php?op=fbexport';
$post_query = 'key=' . $line['access_key'];
$feeds = fetch_file_contents($fetch_url, false, false, false, $post_query);
// try doing it the old way
if (!$feeds) {
$fetch_url = $line['access_url'] . '/backend.php?op=fbexport';
$feeds = fetch_file_contents($fetch_url, false, false, false, $post_query);
}
if ($feeds) {
$feeds = json_decode($feeds, true);
@ -7598,6 +7604,223 @@
last_status_out = '$status', last_connected = NOW() WHERE id = '$id'");
}
}
function handle_public_request($link, $op) {
switch ($op) {
case "getUnread":
$login = db_escape_string($_REQUEST["login"]);
$fresh = $_REQUEST["fresh"] == "1";
$result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
if (db_num_rows($result) == 1) {
$uid = db_fetch_result($result, 0, "id");
print getGlobalUnread($link, $uid);
if ($fresh) {
print ";";
print getFeedArticles($link, -3, false, true, $uid);
}
} else {
print "-1;User not found";
}
break; // getUnread
case "getProfiles":
$login = db_escape_string($_REQUEST["login"]);
$password = db_escape_string($_REQUEST["password"]);
if (authenticate_user($link, $login, $password)) {
$result = db_query($link, "SELECT * FROM ttrss_settings_profiles
WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
print "<select style='width: 100%' name='profile'>";
print "<option value='0'>" . __("Default profile") . "</option>";
while ($line = db_fetch_assoc($result)) {
$id = $line["id"];
$title = $line["title"];
print "<option value='$id'>$title</option>";
}
print "</select>";
$_SESSION = array();
}
break; // getprofiles
case "pubsub":
$mode = db_escape_string($_REQUEST['hub_mode']);
$feed_id = (int) db_escape_string($_REQUEST['id']);
$feed_url = db_escape_string($_REQUEST['hub_topic']);
if (!PUBSUBHUBBUB_ENABLED) {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
return;
}
// TODO: implement hub_verifytoken checking
$result = db_query($link, "SELECT feed_url FROM ttrss_feeds
WHERE id = '$feed_id'");
if (db_num_rows($result) != 0) {
$check_feed_url = db_fetch_result($result, 0, "feed_url");
if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
if ($mode == "subscribe") {
db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
WHERE id = '$feed_id'");
print $_REQUEST['hub_challenge'];
return;
} else if ($mode == "unsubscribe") {
db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
WHERE id = '$feed_id'");
print $_REQUEST['hub_challenge'];
return;
} else if (!$mode) {
// Received update ping, schedule feed update.
//update_rss_feed($link, $feed_id, true, true);
db_query($link, "UPDATE ttrss_feeds SET
last_update_started = '1970-01-01',
last_updated = '1970-01-01' WHERE id = '$feed_id' AND
owner_uid = ".$_SESSION["uid"]);
}
} else {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
}
} else {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
}
break; // pubsub
case "logout":
logout_user();
header("Location: tt-rss.php");
break; // logout
case "fbexport":
$access_key = db_escape_string($_POST["key"]);
// TODO: rate limit checking using last_connected
$result = db_query($link, "SELECT id FROM ttrss_linked_instances
WHERE access_key = '$access_key'");
if (db_num_rows($result) == 1) {
$instance_id = db_fetch_result($result, 0, "id");
$result = db_query($link, "SELECT feed_url, site_url, title, subscribers
FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
$feeds = array();
while ($line = db_fetch_assoc($result)) {
array_push($feeds, $line);
}
db_query($link, "UPDATE ttrss_linked_instances SET
last_status_in = 1 WHERE id = '$instance_id'");
print json_encode(array("feeds" => $feeds));
} else {
print json_encode(array("error" => array("code" => 6)));
}
break; // fbexport
case "share":
$uuid = db_escape_string($_REQUEST["key"]);
$result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
uuid = '$uuid'");
if (db_num_rows($result) != 0) {
header("Content-Type: text/html");
$id = db_fetch_result($result, 0, "ref_id");
$owner_uid = db_fetch_result($result, 0, "owner_uid");
$_SESSION["uid"] = $owner_uid;
$article = format_article($link, $id, false, true);
$_SESSION["uid"] = "";
print_r($article['content']);
} else {
print "Article not found.";
}
break;
case "rss":
$feed = db_escape_string($_REQUEST["id"]);
$key = db_escape_string($_REQUEST["key"]);
$is_cat = $_REQUEST["is_cat"] != false;
$limit = (int)db_escape_string($_REQUEST["limit"]);
$search = db_escape_string($_REQUEST["q"]);
$match_on = db_escape_string($_REQUEST["m"]);
$search_mode = db_escape_string($_REQUEST["smode"]);
$view_mode = db_escape_string($_REQUEST["view-mode"]);
if (SINGLE_USER_MODE) {
authenticate_user($link, "admin", null);
}
$owner_id = false;
if ($key) {
$result = db_query($link, "SELECT owner_uid FROM
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
if (db_num_rows($result) == 1)
$owner_id = db_fetch_result($result, 0, "owner_uid");
}
if ($owner_id) {
$_SESSION['uid'] = $owner_id;
generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
$search, $search_mode, $match_on, $view_mode);
} else {
header('HTTP/1.1 403 Forbidden');
}
break; // rss
case "globalUpdateFeeds":
// Update all feeds needing a update.
update_daemon_common($link, 0, true, true);
break; // globalUpdateFeeds
default:
header("Content-Type: text/plain");
print json_encode(array("error" => array("code" => 7)));
break; // fallback
}
}
?>

2
modules/backend-rpc.php
View File

@ -215,7 +215,7 @@
if (PUBSUBHUBBUB_HUB) {
$rss_link = get_self_url_prefix() .
"/backend.php?op=rss&id=-2&key=" .
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key($link, -2, false);
$p = new Publisher(PUBSUBHUBBUB_HUB);

2
modules/popup-dialog.php
View File

@ -1094,7 +1094,7 @@
print __("You can share this article by the following unique URL:");
$url_path = get_self_url_prefix();
$url_path .= "/backend.php?op=share&key=$uuid";
$url_path .= "/public.php?op=share&key=$uuid";
print "<div class=\"tagCloudContainer\">";
print "<a id='pub_opml_url' href='$url_path' target='_blank'>$url_path</a>";

2
modules/pref-feeds.php
View File

@ -1520,7 +1520,7 @@
print "<p>".__('Published articles are exported as a public RSS feed and can be subscribed by anyone who knows the URL specified below.')."</p>";
$rss_url = '-2::' . htmlspecialchars(get_self_url_prefix() .
"/backend.php?op=rss&id=-2&view-mode=all_articles");;
"/public.php?op=rss&id=-2&view-mode=all_articles");;
print "<button dojoType=\"dijit.form.Button\" onclick=\"return displayDlg('generatedFeed', '$rss_url')\">".
__('Display URL')."</button> ";

62
public.php Normal file
View File

@ -0,0 +1,62 @@
<?php
/* remove ill effects of magic quotes */
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value) {
$value = is_array($value) ?
array_map('stripslashes_deep', $value) : stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
$op = $_REQUEST["op"];
require_once "functions.php";
if ($op != "share") require_once "sessions.php";
require_once "modules/backend-rpc.php";
require_once "sanity_check.php";
require_once "config.php";
require_once "db.php";
require_once "db-prefs.php";
no_cache_incantation();
startup_gettext();
$script_started = getmicrotime();
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$link) {
if (DB_TYPE == "mysql") {
print mysql_error();
}
// PG seems to display its own errors just fine by default.
return;
}
init_connection($link);
$subop = $_REQUEST["subop"];
$mode = $_REQUEST["mode"];
if ((!$op || $op == "rss" || $op == "dlg") && !$_REQUEST["noxml"]) {
header("Content-Type: application/xml; charset=utf-8");
} else {
header("Content-Type: text/plain; charset=utf-8");
}
if (ENABLE_GZIP_OUTPUT) {
ob_start("ob_gzhandler");
}
handle_public_request($link, $op);
// We close the connection to database.
db_close($link);
?>